
WhatsApp blocked in Brazil

We got awesome news yesterday (Wednesday) at night: WhatsApp services will be blocked starting on Thursday at midnight for 48h (news here).

Yes, blocked. Cool, huh?

Update: it got unblocked in a bit more than 12h. Yey!

As far as I know, the reason is that they don't want to release user information in some criminal case. The funny thing is that they probably want the messages, even though WhatsApp uses end-to-end encryption (as far as we know, and I don't really trust it yet). So if everyone at WhatsApp is cool and nice, all they have is metadata and encrypted data that they can't decrypt.

I actually don't care if they have metadata or the whole data (by stealing our crypto keys). I honestly don't care that much. I mean, I don't actually send, receive or do anything illegal or extremely private with it, so, meh, who cares? The point is that putting the whole service down because they don't want to release some data is kinda childish.

This describes my face when I saw the news:

Boy, that escalated quickly

There are better ways of dealing with such legal issues, and blocking a service is none of them. Also, you're now forcing all ISPs to block a service that has CDNs and that is used by almost everyone in your country. Some sysadmins probably didn't sleep much last night...

Oh, and this is not the first time. For a while already the mobile phone companies have wanted to block WhatsApp, since it's considered a "pirate service": it offers phone calls and doesn't pay the same taxes the operators do. Ironically they didn't care about other apps doing the same, including Skype, Facebook, RedPhone (now Signal) and so on. Also, they can't understand that VoIP calls aren't really phone calls, and that as far as they're concerned it's only data. They shouldn't be looking at what's inside that data. Shame on you, mobile operators!

What the hell is going on?

Noooo!

Yesterday, at about 23:30, some of my messages started being dropped. Not text messages, but photos, videos and audio messages were dropped. I couldn't upload or download anything - it would give me a generic error:

WhatsApp generic error
(Poor translation: "the download couldn't be done. Please try again later.")

At the time I thought something was wrong with my link at home (provided by GVT). So I switched to mobile data (Vivo, who actually owns GVT now) and I still had the same issue. I thought: "well, that's weird". I mean, it was supposed to be blocked at midnight, not at 23:30. Weird.

Anyway, I continued using WhatsApp until midnight, when everything started to get slow. After 00:10 people wouldn't get my messages, even though WhatsApp checked them as sent (but not received). This morning I got some messages from other people, they got mine, and then everything went down. I can't send messages and the app fails completely to do so. I thought: well, they are dropping connections.

Let's have some fun!

"""fun"""

You see, WhatsApp dropping connections from Brazilian IP addresses is kinda weird. If you think about it, Brazil is a huge country, and therefore has many IP ranges, which is sometimes really hard to block. The first Google result for "Brazil IP ranges" gives me this huge list, which almost crashed my Google Chrome. Oops. Anyway, it's hard and annoying when you have CDNs and everything else.

Then people started posting stuff on Facebook saying how to get through the blockage. I started reading their posts and saw that some of them are actually using a VPN for that. A VPN they don't know, never heard of and probably are trusting way too much.

Don't. Just don't. You have no idea how much traffic can be sniffed on a network, and if they somehow get a CA installed on your device, they can intercept your encrypted traffic too. So don't.

Some other posts talk about changing DNS servers. I told a friend: blocking through DNS is pretty dumb, since it's really easy to bypass (way easier than a VPN). So I did a quick test with my ISP's (GVT) primary DNS server:

> nslookup web.whatsapp.com 200.175.5.139
Server: resolver1.gvt.net.br
Address: 200.175.5.139

*** resolver1.gvt.net.br can't find web.whatsapp.com: Non-existent domain

Uh... well, that's awkward. So you're now dropping requests for that name? Oh, you are dropping everything under whatsapp.com and whatsapp.net. Jesus.

Here's what happens when you switch to someone else's DNS server, like CCC's DNS cache:

> nslookup web.whatsapp.com 213.73.91.35
Server: dnscache.berlin.ccc.de
Address: 213.73.91.35

Non-authoritative answer:
Name: mmx.cdn.whatsapp.net
Address: 31.13.92.52
Aliases: web.whatsapp.com

That sounds better. So I switched DNS servers on both my phone and my machine and tried to open WhatsApp Web... and it failed. But why?
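The two nslookup runs above, done programmatically: an added example that is not part of the original post. It builds the same A query, parses the reply (including compressed names), and flags "blocked at the resolver" when the ISP answers NXDOMAIN for a name a neutral resolver resolves; the two sample replies are constructed to mirror the outputs above, so the parser runs offline, while resolve() needs network access.

```python
import socket
import struct

def build_query(name, txid=0x1234):  # minimal A query with RD set, like nslookup sends
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

def _read_name(msg, off):  # decode a (possibly compressed) name -> (name, next offset)
    labels = []
    while (ln := msg[off]) & 0xC0 != 0xC0:
        if ln == 0:
            return ".".join(labels), off + 1
        labels.append(msg[off + 1:off + 1 + ln].decode())
        off += ln + 1
    ptr = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF  # compression pointer
    return ".".join(labels + [_read_name(msg, ptr)[0]]), off + 2

def parse_response(msg):  # -> (rcode, [(name, rtype, rdata), ...])
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question section
        off = _read_name(msg, off)[1] + 4
    answers = []
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 1:    # A record -> dotted quad
            rdata = ".".join(str(b) for b in rdata)
        elif rtype == 5:  # CNAME -> target name
            rdata = _read_name(msg, off)[0]
        answers.append((name, rtype, rdata))
        off += rdlen
    return flags & 0xF, answers

def resolve(name, server, timeout=3.0):  # ask one resolver over UDP/53 (needs network)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_response(s.recv(4096))

def resolver_blocks(isp, reference):  # ISP says NXDOMAIN (rcode 3) while a reference resolver answers
    return isp[0] == 3 and reference[0] == 0 and len(reference[1]) > 0

# Constructed sample replies (not captured traffic) mirroring the two nslookup results above.
SAMPLE_GVT = bytes.fromhex("123481830001000000000000" "0377656208776861747361707003636f6d0000010001")
SAMPLE_CCC = bytes.fromhex("123481800001000200000000" "0377656208776861747361707003636f6d0000010001"
                           "c00c000500010000003c0016036d6d780363646e087768617473617070036e657400"
                           "c02e000100010000003c00041f0d5c34")
```

To run it live, compare resolver_blocks(resolve("web.whatsapp.com", "200.175.5.139"), resolve("web.whatsapp.com", "213.73.91.35")); a True here only proves the resolver lies, not that packets get through, which is exactly what the next paragraph shows.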

The reason is that GVT is not as dumb as I thought, or maybe I forgot something. They are also dropping the TCP packets to WhatsApp. Here's my machine trying to connect to WhatsApp Web:

WhatsApp on Wireshark

...

Man, that's evil!

Let the mimimi begin!

Whyyy

(Non-Brazilians: mimimi is described more or less here)

Some people need WhatsApp to live. I don't know why, but they go crazy without it. They can't wait 48h without it. Most people I talk to I also have on other social networks, so it's easy to contact them online. I also have their f-- phone numbers, which allows me to call them if I need to. Yes, I still call other people, it's not that weird!

Anyway, jokes aside, there are actually safer ways of using WhatsApp and WhatsApp Web without handing your data to others. I, for one, if I need to use them for some reason, will just open a VPN to one of my machines located outside the country. If you have a Linux machine, you can even create this tunnel using sshuttle and live with SSH tunnels. It's safer, better and way more secure than any weird-ass unknown VPN service that everybody is trusting with their data without even thinking. And, sure, I understand that not everyone has machines around the world[1], but, come on, think about what you're doing: you're routing all of your data through another person's server. Everything that is not encrypted can be read, analysed and used against you (ha)! Everything that is encrypted can be broken if it uses poor crypto or if they manage to pull off a man-in-the-middle attack. So yeah, not cool.

It's just 48 hours. Please, don't entrust your data to unknown people. Just don't.

Please.


  1. It sounds like I have hundreds or thousands of machines around the globe. Nope, only two. Might create a new one for gaming (and now VPN). ↩︎